[Secure-testing-commits] r52037 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Sun May 28 21:10:12 UTC 2017


Author: sectracker
Date: 2017-05-28 21:10:12 +0000 (Sun, 28 May 2017)
New Revision: 52037

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-05-28 20:55:26 UTC (rev 52036)
+++ data/CVE/list	2017-05-28 21:10:12 UTC (rev 52037)
@@ -1,3 +1,23 @@
+CVE-2017-9252 (andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in ...)
+	TODO: check
+CVE-2017-9251 (andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in ...)
+	TODO: check
+CVE-2017-9250 (The lexer_process_char_literal function in ...)
+	TODO: check
+CVE-2017-9249 (Cross-site scripting (XSS) vulnerability in Allen Disk 1.6 allows ...)
+	TODO: check
+CVE-2017-9248
+	RESERVED
+CVE-2017-9247
+	RESERVED
+CVE-2017-9246
+	RESERVED
+CVE-2017-9245
+	RESERVED
+CVE-2017-9244
+	RESERVED
+CVE-2017-9243 (Aries QWR-1104 Wireless-N Router with Firmware Version WRC.253.2.0913 ...)
+	TODO: check
 CVE-2015-9059 (picocom before 2.0 has a command injection vulnerability in the 'send ...)
 	- picocom <unfixed>
 	NOTE: https://github.com/npat-efault/picocom/commit/1ebc60b20fbe9a02436d5cbbf8951714e749ddb1
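Review bot: The five described additions (CVE-2017-9252, -9251, -9250, -9249 and -9243) carry only `TODO: check`, and the first two have identical truncated summaries ("andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in ..."), so they cannot be told apart from this file alone. Triage should read the full descriptions and resolve each one to a package line, or to `NOT-FOR-US:` if the product is not packaged, as is done for the JBoss entry further down the file.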
@@ -39,21 +59,25 @@
 CVE-2017-9230 (The Bitcoin Proof-of-Work algorithm does not consider a certain attack ...)
 	TODO: check
 CVE-2017-9229 (An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in ...)
+	{DLA-958-1}
 	- libonig 6.1.3-2 (bug #863318)
 	[jessie] - libonig <no-dsa> (Minor issue)
 	NOTE: https://github.com/kkos/oniguruma/issues/59
 	NOTE: https://github.com/kkos/oniguruma/commit/b690371bbf97794b4a1d3f295d4fb9a8b05d402d
 CVE-2017-9228 (An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in ...)
+	{DLA-958-1}
 	- libonig 6.1.3-2 (bug #863316)
 	[jessie] - libonig <no-dsa> (Minor issue)
 	NOTE: https://github.com/kkos/oniguruma/commit/3b63d12038c8d8fc278e81c942fa9bec7c704c8b
 	NOTE: https://github.com/kkos/oniguruma/issues/60
 CVE-2017-9227 (An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in ...)
+	{DLA-958-1}
 	- libonig 6.1.3-2 (bug #863315)
 	[jessie] - libonig <no-dsa> (Minor issue)
 	NOTE: https://github.com/kkos/oniguruma/commit/9690d3ab1f9bcd2db8cbe1fe3ee4a5da606b8814
 	NOTE: https://github.com/kkos/oniguruma/issues/58
 CVE-2017-9226 (An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in ...)
+	{DLA-958-1}
 	- libonig 6.1.3-2 (bug #863314)
 	[jessie] - libonig <no-dsa> (Minor issue)
 	NOTE: https://github.com/kkos/oniguruma/commit/b4bf968ad52afe14e60a2dc8a95d3555c543353a
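Review bot: In each of the four libonig entries, the new `{DLA-958-1}` tag sits directly above an unchanged `[jessie] - libonig <no-dsa> (Minor issue)` line, so the entry now shows an advisory reference next to a "minor issue, no advisory" verdict. If the DLA covers a different suite than jessie, that is consistent, but it is worth confirming the jessie status is still intended now that the same issues were judged worth an advisory elsewhere.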
@@ -66,6 +90,7 @@
 	NOTE: https://github.com/kkos/oniguruma/commit/166a6c3999bf06b4de0ab4ce6b088a468cc4029f
 	NOTE: https://github.com/kkos/oniguruma/issues/56
 CVE-2017-9224 (An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in ...)
+	{DLA-958-1}
 	- libonig 6.1.3-2 (bug #863312)
 	[jessie] - libonig <no-dsa> (Minor issue)
 	NOTE: https://github.com/kkos/oniguruma/commit/690313a061f7a4fa614ec5cc8368b4f2284e059b
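Review bot: The entry whose NOTE lines open this hunk (oniguruma issue 56) sits between CVE-2017-9226 and CVE-2017-9224, and its header falls in the unchanged lines between the two hunks, so it receives no `{DLA-958-1}` tag while its neighbours on both sides do. Confirm that this CVE was deliberately left out of DLA-958-1 rather than missed, and record the reason in a NOTE if the affected code is absent from the suite the DLA covers.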
@@ -2219,6 +2244,7 @@
 	- ettercap <unfixed> (bug #861604)
 	NOTE: https://github.com/Ettercap/ettercap/issues/792
 CVE-2017-8365 (The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote ...)
+	{DLA-956-1}
 	- libsndfile <unfixed> (bug #862202)
 	NOTE: https://blogs.gentoo.org/ago/2017/04/29/libsndfile-global-buffer-overflow-in-i2les_array-pcm-c/
 	NOTE: https://github.com/erikd/libsndfile/issues/230
@@ -2230,17 +2256,20 @@
 	NOTE: https://blogs.gentoo.org/ago/2017/04/29/rzip-heap-based-buffer-overflow-in-read_buf-stream-c/
 	NOTE: Patch in http://download.opensuse.org/repositories/openSUSE:/Leap:/42.2:/Update/standard/src/rzip-2.1-151.3.1.src.rpm
 CVE-2017-8363 (The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows ...)
+	{DLA-956-1}
 	- libsndfile <unfixed> (bug #862203)
 	NOTE: https://blogs.gentoo.org/ago/2017/04/29/libsndfile-heap-based-buffer-overflow-in-flac_buffer_copy-flac-c/
 	NOTE: https://github.com/erikd/libsndfile/issues/233
 	NOTE: https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3
 	NOTE: https://github.com/erikd/libsndfile/commit/cd7da8dbf6ee4310d21d9e44b385d6797160d9e8
 CVE-2017-8362 (The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows ...)
+	{DLA-956-1}
 	- libsndfile <unfixed> (bug #862204)
 	NOTE: https://blogs.gentoo.org/ago/2017/04/29/libsndfile-invalid-memory-read-in-flac_buffer_copy-flac-c/
 	NOTE: https://github.com/erikd/libsndfile/issues/231
 	NOTE: https://github.com/erikd/libsndfile/commit/ef1dbb2df1c0e741486646de40bd638a9c4cd808
 CVE-2017-8361 (The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows ...)
+	{DLA-956-1}
 	- libsndfile <unfixed> (bug #862205)
 	NOTE: https://blogs.gentoo.org/ago/2017/04/29/libsndfile-global-buffer-overflow-in-flac_buffer_copy-flac-c/
 	NOTE: https://github.com/erikd/libsndfile/issues/232
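Review bot: All three entries keep `- libsndfile <unfixed>` while gaining `{DLA-956-1}`, and CVE-2017-8363 and CVE-2017-8362 already list upstream fix commits in their NOTE lines. The open bugs (#862203, #862204, #862205) should be followed up so the unstable line can take a fixed version; for CVE-2017-8361 no fix commit appears in the lines shown, so a NOTE naming the patch that the DLA applied would help later backports.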
@@ -17628,7 +17657,7 @@
 	- bind9 <not-affected> (RHEL6 specific)
 CVE-2017-3138 [named exits with a REQUIRE assertion failure if it receives a null command string on its control channel]
 	RESERVED
-	{DSA-3854-1}
+	{DSA-3854-1 DLA-957-1}
 	- bind9 1:9.10.3.dfsg.P4-12.3 (bug #860226)
 	NOTE: https://kb.isc.org/article/AA-01471
 	NOTE: Fixed by (9.10.x): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=a636604b20cc0aaabc8edbb7595f7c1c820b7610
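Review bot: CVE-2017-3138 keeps its `RESERVED` line and a bracketed local description even though the entry now carries two advisory tags, a fixed version and a public ISC KB link. Nothing is wrong with the tag change itself, but the entry should be rechecked on the next sync so the placeholder description is replaced by the published one; the same applies to CVE-2017-3137 and CVE-2017-3136 in the following hunks.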
@@ -17639,7 +17668,7 @@
 	NOTE: The CVE-2017-3138 is barely an issue in practice anyway.
 CVE-2017-3137 [A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME]
 	RESERVED
-	{DSA-3854-1}
+	{DSA-3854-1 DLA-957-1}
 	- bind9 1:9.10.3.dfsg.P4-12.3 (bug #860225)
 	NOTE: https://kb.isc.org/article/AA-01466
 	NOTE: Additional information for backporting patch: http://www.openwall.com/lists/oss-security/2017/04/17/5
@@ -17648,7 +17677,7 @@
 	NOTE: Fixed by (9.10.x): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=7ab9e8e00775782d474522a5b2bffba8daefefa5 (regression fix)
 CVE-2017-3136 [An error handling synthesized records could cause an assertion failure when using DNS64 with "break-dnssec yes;"]
 	RESERVED
-	{DSA-3854-1}
+	{DSA-3854-1 DLA-957-1}
 	- bind9 1:9.10.3.dfsg.P4-12.3 (bug #860224)
 	NOTE: https://kb.isc.org/article/AA-01465
 	NOTE: Fixed by (9.10.x): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=764240ca07ab1b796226d5402ccd9fbfa77ec32a
@@ -24473,6 +24502,7 @@
 	RESERVED
 	NOT-FOR-US: JMX endpoint of Red Hat JBoss EAP 5
 CVE-2016-9584 (libical allows remote attackers to cause a denial of service ...)
+	{DLA-959-1}
 	- libical <unfixed> (bug #852034)
 	[jessie] - libical <no-dsa> (Minor issue)
 	NOTE: http://www.openwall.com/lists/oss-security/2016/12/15/5
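Review bot: After this change CVE-2016-9584 is tagged `{DLA-959-1}` while unstable is still `<unfixed>` (bug #852034) and jessie is `<no-dsa> (Minor issue)`, so the only fix on record is the one referenced by the DLA. Since a patch evidently exists, it would be worth adding a NOTE pointing to it and revisiting the jessie and unstable lines so the newer suites do not lag behind.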
@@ -37214,6 +37244,7 @@
 	[wheezy] - libical <no-dsa> (Low prio according to upstream)
 	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1280832
 CVE-2016-5824 (libical 1.0 allows remote attackers to cause a denial of service ...)
+	{DLA-959-1}
 	- libical <unfixed> (bug #860451)
 	[jessie] - libical <no-dsa> (Minor issue)
 	NOTE: Original report: https://github.com/libical/libical/issues/235



